competition-stego-media

Competition Stego Media

Use this skill only as a downstream specialization after $ctf-sandbox-orchestrator is already active and has established sandbox assumptions, node ownership, and evidence priorities. If that has not happened yet, return to $ctf-sandbox-orchestrator first.

Use this skill when the challenge lives inside a media container, hidden channel, or appended payload rather than a conventional crypto blob.

Reply in Simplified Chinese unless the user explicitly requests English.

Quick Start

  1. Confirm the real container type, dimensions, duration, codec, and chunk layout before guessing a hidden layer.
  2. Check metadata, thumbnails, sidecar files, and appended trailers before deeper signal-domain work.
  3. Rank candidate channels by evidence: alpha, palette, LSB, transform-domain residue, frame order, or container slack.
  4. Preserve each extracted layer separately so the transform chain stays reproducible.
  5. Stop when the hidden payload is reproduced, not merely suspected.

Workflow

1. Establish Container Truth

  • Inspect headers, chunk tables, EXIF or document metadata, container indexes, thumbnails, and file size anomalies.
  • Compare declared format against observed structure to catch polyglots, appended archives, or malformed trailers.
  • Record exact offsets, frame numbers, or channel boundaries that look promising.
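An added example (not part of the original skill text) of this step for one format, PNG: it walks the chunk table, records each chunk's offset and CRC status, and reports any bytes that follow IEND. The sample file is constructed inline, and the function and variable names are this example's own.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"

def make_chunk(ctype, body):
    """Build one PNG chunk: length, type, body, CRC over type+body."""
    crc = zlib.crc32(ctype + body)
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)

def walk_png(data):
    """Return (chunks, trailer_offset, trailer_size) for a PNG byte string."""
    if not data.startswith(PNG_SIG):
        raise ValueError("declared PNG, but the signature does not match")
    chunks, pos = [], len(PNG_SIG)
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 12 + length  # 4 length + 4 type + body + 4 CRC
        if end > len(data):
            raise ValueError(f"chunk at offset {pos} runs past end of file")
        stored_crc, = struct.unpack(">I", data[end - 4:end])
        crc_ok = zlib.crc32(data[pos + 4:end - 4]) == stored_crc
        chunks.append({"offset": pos, "type": ctype.decode("latin-1"),
                       "length": length, "crc_ok": crc_ok})
        pos = end
        if ctype == b"IEND":
            break
    if not chunks or chunks[-1]["type"] != "IEND":
        raise ValueError("no IEND chunk found; container is truncated or malformed")
    return chunks, pos, len(data) - pos

# Constructed sample: a 1x1 grayscale PNG with bytes appended after IEND.
TRAILER = b"PK\x03\x04constructed-trailer"
CLEAN_PNG = (PNG_SIG
             + make_chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
             + make_chunk(b"IDAT", zlib.compress(b"\x00\x00"))
             + make_chunk(b"IEND", b""))
SAMPLE = CLEAN_PNG + TRAILER

if __name__ == "__main__":
    chunks, off, size = walk_png(SAMPLE)
    for c in chunks:
        print(f"{c['offset']:>6}  {c['type']}  len={c['length']}  crc_ok={c['crc_ok']}")
    print(f"trailer: offset={off} size={size}")
```

The trailer offset and size it returns are the facts to record before carving the appended bytes into their own file.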

2. Inspect Candidate Channels

  • Check alpha, palette order, RGB or YUV planes, LSBs, spectrogram features, document object streams, or video frame deltas.
  • Prefer evidence-driven attempts over brute forcing every transform.
  • Note whether the payload is plain bytes, another media layer, compressed data, or an encrypted blob.

3. Reconstruct The Hidden Payload Path

  • Keep the chain in order: container -> channel or carrier -> extraction -> decompression or decode -> final parse.
  • Separate extraction success from final interpretation; a channel hit is not the same as artifact recovery.
  • If the problem becomes primarily about cryptography after extraction, hand off to the broader crypto skill.

Read This Reference

  • Load references/stego-media.md for the media checklist, channel ranking guide, and evidence packaging.

What To Preserve

  • File structure facts: offsets, chunks, frame numbers, stream names, metadata keys, and trailer size
  • Intermediate extractions and the exact command or transform used to produce them
  • The final recovered payload and the channel that produced it